azure-monitor-observability-security-compound-risk

Status: IN

Azure Monitor workspace configuration is a compound risk surface. Workspace decisions (retention, table plans, data collection rule (DCR) filtering) simultaneously affect three security and observability consumers (Monitor, Sentinel, Defender) and govern the dual-track alert lifecycle (system-managed conditions plus user response states). Workspace misconfiguration is therefore a single point of failure for both security posture and operational alerting.
